Method and device for evaluating the system assets of a communication network

ABSTRACT

There is provided a method for evaluating the system assets of a network that includes the steps of identifying system assets of the network and applying a heuristic that focuses on specific attributes of the communications relationships between the system assets of a network.

RELATED APPLICATIONS

This application is a continuation application of U.S. application Ser. No. 14/494,697, filed Sep. 24, 2014.

BACKGROUND OF THE INVENTION

According to US Published Patent Application No. 2012166317 to Karnick et al, asset management systems are an important part of the management of the computer systems of a large enterprise. These systems provide an enterprise with the ability to manage configuration changes, providing better control over the computer software and hardware assets of the enterprise.

In a large enterprise, when an asset management product is initially deployed, a large number of assets such as server, desktop, and laptop computers must first be enrolled or registered with the product as managed entities. Depending on the capabilities of the asset management system, the registration of assets may be done manually or may be automated using a discovery tool, which may include software that automatically discovers physical and virtual assets.

The assets managed by such asset management systems are typically grouped into logical groups that may be managed collectively, reducing the complexity and costs of managing those grouped assets. However, according to US Published Patent Application No. 2012166317 to Karnick et al, creating logical groups of these IT (information technology) assets remains a manual task. Administrators may create and populate groups with individual IT assets based on some organization-specific criteria. In some asset management systems, administrators may define groups that are automatically populated based on rules involving IT asset attributes. In either case, some administrator is responsible for defining the groups or rules manually. In large enterprises, group definition is a hard task for individual administrators, and is likely to result in false positives (an IT asset incorrectly being assigned to a group) and false negatives (an IT asset incorrectly being omitted from a group). Even where groups are automatically populated, the correctness of those groups remains dependent on discovering and updating the right metadata or configuration data.

In addition, according to US Published Patent Application No. 2012166317 to Karnick et al, administrators typically create groups using simple criteria of which they are aware, e.g., operating system (OS) type or physical location. Other possible groupings, which may be more useful in some scenarios, may not be created because the administrator is unable to determine the proper criteria for defining the group. For example, the administrator may not be aware of which attributes are key to similarity among assets of a given type or there may not be any simple expression involving IT asset attributes that can be used to define a desired group. When IT asset management systems managed hundreds of IT assets, these manual groupings, while onerous, may have been feasible. However, notes US Published Patent Application No. 2012166317 to Karnick et al, where such systems may be managing tens of thousands of IT assets, manual grouping is at best very difficult, and often infeasible with any degree of accuracy and, according to US Published Patent Application No. 2012166317 to Karnick et al, IT asset management systems have frequently produced suboptimal groups.

However, beyond the challenges of producing more optimal groups of IT assets to facilitate management of IT resources, there is the challenge of producing meaningful information for administrators to effectively manage the IT resources. Even a relatively coherent, highly logical sorting out of IT assets into groups or classifications can still result in an unwieldy density of information that hinders, rather than facilitates, the management tasks of an administrator. Thus, the need still exists for a method for evaluating the IT assets of a network or networks that provides meaningful information in a readily accessible manner or an easily digestible manner to be used by an IT administrator or another person acting as a network operator and involved in network planning and management.

US Published Patent Application No. 2011/0246376 to Devakondra et al points out that network data processing systems are used for a variety of different purposes and come in a number of different forms. Several types of network data processing systems are commonly used by companies and other organizations and may include, for example, local area networks, wide area networks, virtual private networks, and other suitable types of networks. In addition to such networks that may be maintained by the network operator itself, cloud services are available and the users of this type of network data processing systems neither own nor manage the physical infrastructure.

According to US Published Patent Application Number 2011/0270968 to Salsburg et al, the term “cloud computing” generally refers to a model that makes computing resources available over a network as services. There are many factors to consider before an organization moves a computing workload to a public or private cloud. For example, according to US Published Patent Application Number 2011/0270968 to Salsburg et al, there is a need to validate business applications (workloads) in terms of technical portability and business requirements/compliance so that the workloads can be deployed into a cloud without considerable customization. Conventionally, according to US Published Patent Application Number 2011/0270968 to Salsburg et al, this validation is accomplished using a manual, time consuming process for workload identification, workload classification, and cloud provider assessment to find the ‘best-fit’ for business workload hosting.

Organizations that employ more traditional types of network data processing systems may contemplate whether to change over from their more traditional network environment to a cloud network environment. In view of the fact that the particular cloud services offered by each cloud service provider or vendor will have different features, benefits, service operating requirements, and costs, it would be advantageous for a network operator to have access to tools that can help guide a decision to migrate computing tasks to a cloud. Moreover, it would be advantageous if such tools for guiding a network operator could equip the network operator to have an accurate picture of the computing resources in its own network that will or can be replaced by the cloud computing resources. Furthermore, network operators can make better informed decisions about purchasing cloud services if they can get pricing information about potential cloud service providers and, especially, pricing information about the scope of computing resources whose tasks could be taken over in a cloud service arrangement.

SUMMARY OF THE INVENTION

One object of the present invention is to provide a method for evaluating the system assets of a network and, particularly, a method for evaluating “critical interfaces” of the system assets of the network.

A further object of the present invention is to provide a tangible computer-readable medium for storing instructions for controlling a computing device to generate an output, the instructions controlling the computing device to perform steps including the steps of identifying system assets of the network and applying a heuristic that focuses on specific attributes of the communications relationships between the system assets of a network.

In connection with further details of the step of identifying system assets of the network, the system assets to be evaluated can include only network devices, only entity applications or both network devices and entity applications. In connection with further details of the step of applying a reference group heuristic, this step may involve applying a reference group heuristic to determine if an identified network device is in the reference group, wherein an identified network device is deemed to be in the reference group if the identified network device has a non-intermediated communication relationship with two or more other network devices.

According to optional features of the method of the present invention, the method may further include the step of assessing data relating to the reference group relative to a selection of migration scenarios each of which is a scenario wherein some or all of the functions performed by some or all of the system assets would instead be performed externally of the network. Furthermore, the method may optionally include generating a migration consideration set comprised of cost information units that each include cost information about one of the migration scenarios.

Other aspects, embodiments and advantages of the present invention will become apparent from the following detailed description which, taken in conjunction with the accompanying drawings, illustrate the principles of the invention by way of example.

Incorporation by Reference

Each patent, patent application, and/or publication mentioned in this specification is herein incorporated by reference in its entirety to the same extent as if each individual patent, patent application, and/or publication was specifically and individually indicated to be incorporated by reference.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing and other objects, features and advantages of the present invention, as well as the invention itself, will be more fully understood from the following description of various embodiments when read together with the accompanying drawings, in which:

FIG. 1 is a schematic illustration of one possible sequence of steps that may be performed to implement the critical interface evaluating method of the present invention;

FIG. 2 is a schematic illustration of an exemplary network about which the method of the present invention can provide rapidly understandable and pertinent information for use by the network operator in making decisions about migrating computing tasks to an alternative task performer such as a private cloud computing resource or a public cloud computing resource;

FIG. 3 is a schematic view of a portion of the network shown in FIG. 2;

FIG. 4 is a schematic view of one exemplary subnetwork of the network shown in FIG. 2.

DETAILED DESCRIPTION OF AN EMBODIMENT OF THE INVENTION

In accordance with the present invention, there is provided a method for evaluating the system assets of a network and, particularly, a method for evaluating “critical interfaces” of the system assets of the network. Reference is had to FIG. 1, which is a schematic illustration of one possible sequence of steps that may be performed to implement the critical interface evaluating method of the present invention, and the following description of the critical interface evaluating method and an arrangement for implementing the method on a computer. The critical interface evaluating method, which is hereinafter referred to as the critical interface evaluating method 310, can provide a network operator with tools to guide decisions about managing, adjusting, growing, or altering an IT arrangement and can provide the network operator with tools for considering and implementing a migration of computing tasks to an alternative task performer such as a private cloud computing resource or a public cloud computing resource and tools for automatically effecting the migration of selected computing tasks to an alternative task performer.

The term “critical interfaces” as used herein means those system assets that receive and transmit communications—thus, broadly speaking, “interfaces”—about which it is “critical” that a network operator can monitor in the event that the network operator wants to receive an easily digested, winnowed down yet accurate understanding of the health of the IT system. The “interfaces” identified to the network operator as “critical interfaces” may or may not be more essential to the network than other interfaces of the network. Instead, the “criticality” implied by the term “critical interfaces” relates to the value and significance that information about such “critical interfaces” contributes to simplifying and resolving the tasks of monitoring the health of the network and, additionally, planning and implementing the growth or reconfiguration of the network. “Cloud computing” refers to the accessing of computing resources and data via a network infrastructure, such as the Internet. The computing resources and data storage may be provided by linked data centers of the “cloud,”—i.e., a “cloud” network. Each of the data centers may include a plurality of servers that provide computing resources, as well as data storage and retrieval capabilities. As used herein, “cloud service providers” refers to the owners or operators of the data centers that operate the “cloud” networks.

With reference now to FIG. 2, which is a perspective schematic view of a network, the critical interface evaluating method 310 will be described in further detail including how the critical interface evaluating method 310 can be performed to evaluate the representative network shown in FIG. 2. As seen in FIG. 2, a representative or exemplary network 220 is to be understood as representing any information technology or “IT” arrangement operable to store, manipulate, and present information to the network operator. As seen in FIG. 2, the exemplary network 220 can comprise components enabling the network to operate as a local area network, a wide area network such as the Internet, and/or a wireless network operable to receive a wireless signal from a transmitter 222. The computers comprised by the network 220 may include desktop computers 224, lap-top computers 226, hand-held computers 228 (including wireless devices such as wireless personal digital assistants (PDA) or mobile phones), or any other type of computational arrangement of hardware and/or software. The several computers may be connected to the network 220 via a server 230. It should be noted that any other type of hardware or software may be included in the system and be considered a component thereof.

The critical interface evaluating method 310 can be deployed to evaluate the system assets of any network that can broadly be considered to be a communications network in that the network routes and handles communication signals and such a network can be configured as a wireless network or a wired network, or a combination wireless and wired network. In the context of the network being configured as a computer network, the network can include an entirely hardware inventory of assets, an entirely software inventory of assets, or an inventory of software and hardware assets. As is well known, a computer network may be a virtual network in that a hardware asset hosts a plurality of virtual machines (VMs), each virtual machine operating as a stand alone computer and providing a characteristic computer device function such as a server function or a storage function. The host hardware asset typically includes a management entity, often called “hypervisor,” that controls and manages different virtual machines.

As seen in FIG. 3, which is a schematic view of a portion of the network, the network 220 may include a virtualization capability that is implemented in a known manner via an emulated hardware environment. A hypervisor 820 is operatively connected with hardware exemplarily designated as a device group 830 so that virtualization of the device group 830 is provided without an operating system. The hypervisor 820 controls access to the device group 830 to a plurality of users 840. The device group 830 can include, for example, a storage device 832 and a processor 834 and these devices are herein designated as a type of system assets of the network called “network resources.” The term “network resources” as used herein refers to devices that are operable to distribute communication signals that transit to and between these network resources with each network resource having a transit relationship with a communication signal in that the network resource may originate a communication signal and/or receive a communication signal. Also, the system assets of the network additionally include “entity applications” which are applications that direct distributions of communication signals to and between several of the system assets. Thus, the hypervisor 820 and the devices of the device group 830 may be fully or partially controlled by entity applications. With virtualization, a device can host a number of virtual machines via virtualization with each virtual machine functioning as a stand alone computer and offering any number of classic device functions such as server, storage, and other device functions.

The critical interface evaluating method 310 is configured for use with a network which, as schematically shown in FIG. 2, is designated as the in-place network 220 and which is to be understood as representing any communication network, information technology network or “IT” arrangement operable to store, manipulate, and present information to the network operator. As seen in FIG. 2, the in-place network 220 can comprise components enabling the network to operate as a local area network, a wide area network such as the Internet, and/or a wireless network operable to receive a wireless signal from a transmitter 222. The computers comprised by the network 220 may include desktop computers 224, lap-top computers 226, hand-held computers 228 (including wireless devices such as wireless personal digital assistants (PDA) or mobile phones), or any other type of computational arrangement of hardware and/or software. The several computers may be connected to the in-place network 220 via a server 230. It should be noted that any other type of hardware or software may be included in the system and be considered a component thereof.

The in-place network 220 schematically illustrated in FIG. 2 includes network devices that are operable to distribute communication signals that transit to and between these network devices. Each network device has a transit relationship with a communication signal in that the network device may originate a communication signal and/or receive a communication signal. Communication signals can be in any form as is known in the art, including, as an example of a non-binary information signal, wireless radio wave signals or, as an example of a binary information signal, “packets”, which is intended to mean the discrete collection of information typically referred to by this term with respect to signals handled by computer hardware devices. The handling of a packet by a network is typically governed by a set of rules that defines its structure and the service it provides. As an example, the World Wide Web has a standard protocol referred to as the Hyper Text Transport Protocol (HTTP) and this standard protocol dictates how packets are constructed, how data is presented to web servers, and how these web servers return data to client web browsers. Any application that transmits data over a computer network uses one or more protocols. There are typically numerous protocols in use between computers on a network.

The network devices of the in-place network 220 are shown, solely for the sake of illustration, as including hardware assets in the form of routers, switches, servers operable to run Windows™ brand software, workstations operable to run Windows™ brand software, Linux/Unix servers, hosts operable to run VMware™ software, terminals, hubs, branches, intersections, and bridges.

The in-place network 220 includes entity applications that direct discrete distributions of communication signals between several network devices. An “entity application” is a term used in this specification to refer to any form of application run on a network and may include a group of software assets that operate cooperatively with each other to provide a processing function or may include a single software asset, proprietary to the entity operating the network or bought or leased by the entity, that provides a processing function. An “entity application” may include commercially available applications such as, for example, Windows™ brand software, Linux™ software, or VMware™ software, any form of freeware or shareware, or any form of custom software proprietary to, or licensed by, the network operator.

The critical interface evaluating method 310 includes the step of identifying system assets of the network, wherein the system assets to be evaluated can include only network devices, only entity applications or both network devices and entity applications. In this context, the network devices are devices that are operable to distribute communication signals that transit to and between themselves and other network devices with each network device having a transit relationship with a communication signal in that the network device may originate a communication signal and/or receive a communication signal and the entity applications are applications that direct distributions of communication signals to and between several of the system assets. The critical interface evaluating method 310 also includes, with regard to the network devices that have thus been identified, the step of applying a reference group heuristic to determine if an identified network device is in the reference group, wherein an identified network device is deemed to be in the reference group if the identified network device has a non-intermediated communication relationship with two or more other network devices.

The present invention capitalizes on the unobvious insight that meaningful information about a network can be gathered and subsequently presented in a readily accessible manner or an easily digestible manner by employing a heuristic that focuses on specific attributes of the communications relationships between the system assets of a network, wherein the occurrence of such specific attributes among some of the communications relationships between system assets but not others is not purposely driven by a goal of satisfying the heuristic but, instead, happens due to other factors. In other words, the method of the present invention makes use of the presence or absence of a characteristic (i.e., specific attributes of the communications relationships between the system assets of the network) that the network possesses by a happenstance that is not related to facilitating the selection or grouping of certain system assets apart from the remainder of the system assets.

One example of a specific attribute of the communications relationships between the system assets of the network that is suitable for use in connection with the method of the present invention is the attribute that each network resource, which, as defined herein, is a device or a piece of physical hardware, has an address that is referenced to establish communication between the device or piece of physical hardware and another device or piece of physical hardware. An example of such an address is a MAC address. A MAC address, or Media Access Control address, is a 48- or 64-bit address associated with a network adapter, the network adapter being a device which connects a computer or device to the network. In effect, a MAC address is a unique code permanently assigned to a specific item of network hardware, such as a network device. An IP address, on the other hand, is an address associated with software. A MAC address is sometimes referred to as a hardware address, a physical address, or a burned-in address.

In view of the fact, then, that all or substantially all, of the devices of a network have a MAC address, it can be readily understood that creating an inventory or a topology representation of all of the devices of a network having a MAC address merely provides an unfocussed view to a network operator of the health or capacity of a network. Information about the operation, location, or interconnections of many of the thus inventoried network devices may be largely irrelevant or meaningless with regard to an attempt to accurately assess the health or capacity of the network. So it can be understood that there exists no obvious reason to take into account the MAC addresses of a network in attempting to more accurately assess the health or capacity of the network.

However, the present invention relies upon the serendipitous discovery that certain aspects of the MAC addresses of a network can, in fact, be taken into account in order to yield a useful overview of the health or capacity of the network while optimally minimizing the density of information that needs to be evaluated. To this end, in accordance with the method of the present invention, the present invention takes into account certain aspects of the MAC addresses of a network in connection with the degree to which a respective network device has a particular communication relationship to a predetermined number or count of other network devices. In connection with one aspect of the present invention, the method of the present invention evaluates whether a respective network device has a particular communication relationship to a predetermined number or count of other network devices, wherein the relevant communication relationship is the degree and manner in which the respective network device has a “non-intermediated communication relationship” with a predetermined number or count of other network devices. A “non-intermediated communication relationship” is herein defined as a communication link between the respective network device and another network device in which (a) there is no other network device that is operationally intermediate the respective network device and the respective other network device or (b) there is another network device that is operationally intermediate, but that intermediate network device does not have a MAC address.

In connection with further details of this one aspect of the present invention, the method of the present invention evaluates the circumstance of whether a respective network device has a non-intermediated communication relationship to a predetermined number or count of other network devices, wherein the predetermined number or count of other network devices is two or more other network devices. In connection with still further details of this one aspect of the present invention, the critical interface evaluating method 310 evaluates whether a respective network device has a non-intermediated communication relationship to a predetermined number or count of other network devices, wherein the predetermined number or count of other network devices is three or more other network devices.

As noted, the critical interface evaluating method 310 includes the step of identifying system assets of the network and the step of applying a reference group heuristic. In the context of making use of MAC addresses in an advantageous manner to evaluate a network, the step of the method of applying a reference group heuristic could include, for example, structuring the reference group heuristic so that an identified network device is deemed to be in the reference group if the identified network device itself has a MAC address and, additionally, has a non-intermediated communication relationship with two or more other network devices that themselves each have a MAC address.

Referring further to FIG. 1, it is to be understood that the steps of the critical interface evaluating method 310 can be performed, within the scope of the present invention, in a batch manner, wherein some, but not all, of the system assets are identified to form a first subset of identified system assets and then this subset of system assets is evaluated via the step of applying the reference group heuristic, with further subsets of system assets being identified and evaluated in series or in parallel. Alternatively, the steps of the critical interface evaluating method 310 can be performed, within the scope of the present invention, in a single cohort manner, wherein all of the system assets are identified to form a set of identified system assets and then these system assets are evaluated via the step of applying the reference group heuristic. As seen in FIG. 1, the critical interface evaluating method 310 includes a step 520 of identifying system assets of the network, the system assets including one or both: (1) network devices that are operable to distribute communication signals that transit to and between these network devices with each network device having a transit relationship with a communication signal in that the network device may originate a communication signal and/or receive a communication signal and (2) entity applications that direct distributions of communication signals between several network devices. For the sake of illustration, network devices are schematically shown in FIG. 1 in the form of a server 622, a shared uplink 624, a switch 626, and a router 628 and entity applications are schematically shown in FIG. 1 as a virtualization application 630, an accounting application 632, and a spreadsheet application 634.

The set of identified system assets created via the step 520 can be stored in any suitable storage format and can be optionally displayed or not displayed in human-readable format. Moreover, the inventory collection may be created via any suitable inventory collection approach including, for example, via network discovery techniques capable of discovering system assets in an existing network, via reference to a previously-generated inventory collection, or via estimates of the presence or absence of the system assets of the network. Known techniques such as SNMP inventory collection can be used.

The critical interface evaluating method 310 further includes a step 530 of applying a reference group heuristic to determine if an identified network device is in the reference group, wherein an identified network device is deemed to be in the reference group if the identified network device has a non-intermediated communication relationship with two or more other network devices. As can be appreciated, the critical interface evaluating method 310 can advantageously provide insights into the performance of the in-place network 220 and these performance insights can be leveraged to assist the operator of the in-place network 220 to make information technology (IT) management decisions such as, for example, decisions relating to replacing or upgrading system assets and including decisions about replacing some or all of the functionality of system assets via migration of selected network functions to a location external of the network—i.e., migration to a public or private cloud. As an example of the feature of performing the critical interface evaluating method 310 to assist in a cloud migration decision, further reference is had to FIG. 1, wherein it can be seen that the critical interface evaluating method 310 may optionally include a step 530 of assessing the data relative to a selection of migration scenarios each of which is a scenario wherein some or all of the functions performed by some or all of the system assets were instead to be performed at a location external to the network. Furthermore, as an example of the value to a network operator of performing the step 540 of assessing data about the reference group or reference groups relative to a selection of migration scenarios, it can be further seen in FIG. 1 that the critical interface evaluating method 310 can also optionally include a step 540 of generating a migration consideration set comprised of cost information units that each include cost information about one of the migration scenarios.

In connection with the step 530 of assessing the traffic analytics data relative to a selection of migration scenarios and the step 540 of generating a migration consideration set comprised of cost information units, the migration consideration set may optionally include a plurality of cloud service providers who are deemed capable of performing a network computing task in lieu of the task being performed by the network and may further comprise a price qualified roster each member of which is a cloud service provider: (a) whose price for performing the task complies with a price acceptability criteria or (b) that has a respective price proposal associated therewith reflecting a price for engaging the cloud service provider to perform the task in lieu of the task being performed by the network. Moreover, this price qualified roster can be displayed in a format suitable for the network operator to, at the least, have a display of each alternative task performer in the price qualified set and its respective price proposal that reflects a price for engaging the alternative task performer to perform the task in lieu of the task being performed by the network. It is to be understood that the term “display” is used in a broad sense and encompasses all forms of communication in visual, aural, and tactile format and including both human- and machine-interface variations.

Reference is now had to FIG. 4, which is a schematic view of one exemplary subnetwork of the network, in connection with a description of the performance of the critical interface evaluating method 310 to evaluate the network 220. As seen in FIG. 4, a subnetwork 710 of the network 220 includes a router 720 that is operationally connected to a VMware ESX server of the network, designated as SERV-10, which is a virtualization technology hardware item. The VMware ESX server SERV-10 of the network is not comprised in the subnetwork 710. The VMware ESX server SERV-10 is connected to other network devices (not shown) via a plurality of outer communication links OUTER-10 shown in broken lines.

The router 720 of the subnetwork 710 is a network device of the network and is operationally connected to a number of other network devices via ports 722 integrally formed in the router. For the sake of simplicity of illustration, each port 722 is shown as capable of handling a communication input from a single network device. The communication input from each such respective single network device to a given port 722 is transmitted via a cable 724. Each cable 724 is secured to a respective port 722 and also secured to a respective single network device.

The network devices to which the cables 724 are connected comprise a stand-alone computer terminal 730 (which may be a CRT, a telephony device, a laptop computer, etc.), a modem 732 having a computer terminal 740 operatively connected to it (the computer terminal 740 itself is not directly connected to the router 720), a printer 734, a workstation 736, and an access port 738. In addition to its connection with the router 720, the access port 738 is connected to five other network devices 742 (shown in broken lines) via a plurality of further cables 744.

The router 720, the stand-alone computer terminal 730, the modem 732, the thereto connected computer terminal 740, the printer 734, the workstation 736, and the access port 738 each have a MAC address. An execution or performance of the step of the critical interface evaluating method 310 would yield an identification of the router 720, the stand-alone computer terminal 730, the modem 732, the thereto connected computer terminal 740, the printer 734, the workstation 736, and the access port 738 as well as an identification of those entity applications associated with these network devices. The identification of these system assets can be effected in any suitable manner including, for example, known approaches for developing an inventory of network devices such as “pinging” feedback approaches, approaches for referencing a pre-existing network device inventory listing, and approaches for inferring the presence of network devices based upon network traffic analysis. The identification step can make use of any known network discovery approaches such as, for example, monitoring and assessment of network packets transmitted through the network. Alternatively or additionally, the selected network discovery approach can monitor, for example, Transmission Control Protocol/Internet Protocol (TCP/IP) or any other suitable network protocol activity on the network.

Following the execution or performance of the step of the critical interface evaluating method 310 of identifying system assets of the network, a user can then execute or perform the further step of the critical interface evaluating method 310 of applying a reference group heuristic and this step could yield the following results. For the sake of illustration, it is specified that the reference group heuristic dictates that an identified network device is deemed to be in the reference group if the identified network device itself has a MAC address and, additionally, has a non-intermediated communication relationship with two or more other network devices that themselves each have a MAC address. The application of the reference group heuristic in this manner to the identified network devices of the subnetwork (comprising the stand-alone computer terminal 730, the modem 732, the thereto connected computer terminal 740, the printer 734, and the workstation 736) would result in a determination that the stand-alone computer terminal 730 does not satisfy the reference group heuristic for the reason that this network device does not have a non-intermediated communication relationship with two or more other network devices that themselves each have a MAC address. Additionally, the application of the reference group heuristic would lead to a similar determination with respect to the printer 734 and the workstation 736—namely, neither of these two identified network devices satisfies the reference group heuristic for the reason that neither one of these network devices has a non-intermediated communication relationship with two or more other network devices that themselves each have a MAC address. Furthermore, with regard to the modem 732, although this network device has a non-intermediated communication relationship with another network device that itself has a MAC address (e.g., the computer terminal 740), this single non-intermediated communication relationship with one other network device does not satisfy the reference group heuristic—i.e., a single non-intermediated communication relationship with one other network device does not satisfy the requirement of the reference group heuristic of “a non-intermediated communication relationship with two or more other network devices that themselves each have a MAC address.”

With regard to the access port 738, in the event that the access port is in a non-intermediated communication relationship with at least two of the network devices connected to the further cables 740, a determination will be made that the access port 738 satisfies the reference group heuristic for the reason that this access port does, in fact, have a non-intermediated communication relationship with two or more other network devices that themselves each have a MAC address (the other network devices 742). For purposes of the example, it is assumed that the access port 738 is in a non-intermediated communication relationship with all five of the respective network devices 742 connected to the further cables 744 and so the step of applying a reference group heuristic yields the determination that the access port 738 satisfies the reference group heuristic for the reason that this access port does, in fact, have a non-intermediated communication relationship with two or more other network devices that themselves each have a MAC address.
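The determinations described for FIG. 4 can be reproduced mechanically; the following is an added example, not code from the patent. The device labels, MAC values and relationship list are constructed to mirror FIG. 4, and links to the router 720 are left out as an assumption so that the modem 732 has the single relationship the description gives it.

```python
from collections import defaultdict

# Constructed inventory for the FIG. 4 subnetwork: device label -> MAC address.
# MAC values are made up for illustration; None would mean no MAC was identified.
INVENTORY = {
    "terminal-730": "02:00:00:00:07:30",
    "modem-732": "02:00:00:00:07:32",
    "printer-734": "02:00:00:00:07:34",
    "workstation-736": "02:00:00:00:07:36",
    "access-port-738": "02:00:00:00:07:38",
    "terminal-740": "02:00:00:00:07:40",
    **{f"device-742-{i}": f"02:00:00:00:74:2{i}" for i in range(1, 6)},
}

# Constructed non-intermediated relationships, as a monitoring step might
# report them. Assumption: links to the router 720 are not listed.
RELATIONSHIPS = [
    ("modem-732", "terminal-740"),
    ("terminal-740", "modem-732"),  # same relationship seen in the other direction
    *[("access-port-738", f"device-742-{i}") for i in range(1, 6)],
]


def direct_peers(inventory, relationships):
    """Map each MAC-bearing device to the set of MAC-bearing devices it has a
    non-intermediated relationship with. Direction and repeats collapse."""
    peers = defaultdict(set)
    for a, b in relationships:
        if a == b:
            continue  # a device is not its own peer
        if inventory.get(a) is None or inventory.get(b) is None:
            continue  # the heuristic only counts devices that have a MAC address
        peers[a].add(b)
        peers[b].add(a)
    return peers


def reference_group(inventory, relationships, threshold=2):
    """Devices with a MAC address and at least `threshold` distinct direct
    peers that each have a MAC address ("two or more" in the description)."""
    peers = direct_peers(inventory, relationships)
    return sorted(
        device
        for device, mac in inventory.items()
        if mac is not None and len(peers[device]) >= threshold
    )


if __name__ == "__main__":
    counts = direct_peers(INVENTORY, RELATIONSHIPS)
    for device in INVENTORY:
        print(f"{device:18} direct peers with MAC: {len(counts[device])}")
    print("reference group:", reference_group(INVENTORY, RELATIONSHIPS))
```

Counting distinct peers rather than observed frames keeps a chatty one-to-one link, such as modem 732 to terminal 740, from being mistaken for a critical interface.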

An evaluation report can be created in the form of a visual symbolic representation of system assets including the network devices that are members of the reference group, as determined via the method of the present invention. The evaluation reports can be created to be presented in addition to the visual symbolic representation of the subnetwork. Additionally, the visual symbolic representation of system assets can be populated with other information that may be of use to an administrator including visual symbolic representations of entity applications as well as textual or visual information about the IT configuration of the network including routing tables or port assignments, for example. The types of network devices that may typically be members of the reference group may include, for example, servers, routers, infrastructure uplinks, and shared uplinks.

A network operator may view the evaluation report via a terminal or a workstation, each of which may deploy a number of graphical user interfaces to display pictorials, graphs, or other visual elements that facilitate comprehension and readability of the evaluation report. Additionally, data comprised in the evaluation report, including the catalog of suggested reference groups, may be communicated to other resources of the network such as servers or storage resources such as databases.

The evaluation report can also be edited or supplemented by a network operator and formatted for downstream presentation to others such as, for example, other decision makers involved in overseeing and managing the network. Such downstream presentations can be in the form of dashboard presentations and include visual cues such as, for example, color-coded tabs or hyperlink tabs for indicating access to, for example, more details about a particular critical interface. Additionally, the evaluation report can be archived with past and future evaluation reports and dashboard presentations can be generated with reference to such archives to reveal, for example, trends or repeated variances from desired performance goals.

With reference again to FIG. 1, it can be seen that the critical interface evaluating method 310 can include additional steps to produce useful IT management or IT build out tools for a network operator. As an example, the critical interface evaluating method 310 can include additional steps that lead to the creation of a first set of system assets of a reference group 640 and a second set of system assets of a reference group 642, with each set of system assets of a reference group being a reference group of critical interfaces determined for a respective subnetwork of the network 220. The first set of system assets of a reference group 640 and the second set of system assets of a reference group 642 can be analyzed independently or in comparison to one another for the purpose, for example, of evaluating various migration scenarios and the content or a summary of this analysis can be presented to a network operator in a report 644. The report 644 can be displayed, if desired, on a graphical user interface 646 and/or can be presented in any suitable human readable form.

As can be appreciated, the critical interface evaluating method 310 can advantageously provide insights into the performance of the in-place network 220 and these performance insights can be leveraged to assist the operator of the in-place network 220 to make information technology (IT) management decisions such as, for example, decisions relating to replacing or upgrading system assets and including decisions about replacing some or all of the functionality of system assets via migration of selected network functions to a location external of the network—i.e., migration to a public or private cloud. For example, the critical interface evaluating method 310 can yield information that can assist in a cloud migration decision, including generating a selection of migration scenarios each of which is a scenario wherein some or all of the functions performed by some or all of the system assets were instead to be performed at a location external to the network. Additionally, the critical interface evaluating method 310 can yield information that can assist in a cloud migration decision that includes generating a migration consideration set comprised of cost information units that each include cost information about one of the migration scenarios.

The present invention contemplates that, in a given scenario, a network operator may choose to engage a third party to apply the method of the present invention to evaluate a network. In such a scenario, the third party may deploy a user interface to produce a price qualified roster accessible to a network operator, wherein the price qualified roster displays the offerings of various “alternative task performers” (i.e., cloud service providers) with regard to the migration scenario of interest. A dashboard platform can be provided for displaying information about the price qualified rosters obtained via the method of the present invention and such a display can provide an intentionally ordered presentation of the alternative task performers in the price qualified roster with such presentation being communicated visually and/or aurally to the network operator. The intentionally ordered presentation of the alternative task performer or performers in the price qualified roster may be arranged, for example, so as to provide the network operator with a hierarchical listing of the alternative task performer or performers in the price qualified roster. As another example, the alternative task performer or performers in the price qualified roster may be arranged so as to provide the network operator with a hierarchical listing of the alternative task performer or performers in the price qualified roster based upon directing the network operator to preferred resources that can help resolve metrics issues or capitalize upon identified opportunities. Further in this connection, the preferred resources can be comprised of vendors who have a particular capability such as, for example, cloud service providers having a particular capability, or vendors who are given preference relative to other vendors based upon a sponsorship criteria (i.e., “sponsoring” vendors are given a preferential showing in the display provided by the dashboard platform 470 as opposed to “non-sponsoring” vendors).

In accordance with one variant for displaying the price qualified roster, with particular application in the context of cloud service providers who agree to be “sponsoring” cloud service providers, cloud service providers may create and manage their listings through a user interface that permits the creation of one or more listing formats, the selection of details to associate with the listings, and an insert template that governs how and in which situations a listing will be displayed to a network operator. The cloud service provider may enter additional pieces of information and functionality pertaining to each listing. The cloud service provider may choose that a given listing be targeted only to a discrete group of network operators, such as those meeting a set of customer demographics. Cloud service providers may set the specific price at which they are willing to offer their cloud services such as, for example, a single price or a price range for a “computing unit.” If desired, cloud service providers may have the ability to be apprised of the price offerings of other cloud service providers in order, for example, to ensure that their listing appears in a desired position or to optimize the “click-through” response or contact response of the listing.

The method of the present invention can be executed manually but is preferably executed via a tangible computer-readable medium for controlling a computing device to generate an output. This tangible computer-readable medium may be connected (e.g., networked) to other machines in a Local Area Network (LAN), an intranet, an extranet, or the Internet. The tangible computer-readable medium may operate in the capacity of a server or a client machine in a client-server network environment, or as a peer machine in a peer-to-peer (or distributed) network environment. The tangible computer-readable medium may be a personal computer (PC), a tablet PC, a set-top box (STB), a Personal Digital Assistant (PDA), a cellular telephone, a web appliance, a server, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine. Further, while only a single machine is illustrated, the term “machine” shall also be taken to include any collection of machines (e.g., computers) that individually or jointly execute a set (or multiple sets) of instructions to execute the steps of the method of the present invention.

An algorithm is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. The steps are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared and otherwise manipulated by a computer system. It will be convenient at times, principally for reasons of common usage, to refer to the above-referenced signals as bits, values, elements, symbols, characters, terms, numbers or the like. It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities.

Unless specifically stated otherwise, it will be appreciated that throughout the description of the present invention, use of terms such as “processing”, “computing”, “calculating”, “determining”, “displaying” or the like, refer to the action and processes of a computer system, or similar electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage, transmission or display devices. Further, various embodiments of the present invention may be implemented with the aid of computer-implemented processes or methods (a.k.a. programs or routines) that may be rendered in any computer language including, without limitation, C#, C/C++, Fortran, COBOL, PASCAL, assembly language, markup languages (e.g., HTML, SGML, XML, VoXML), and the like, as well as object-oriented environments such as the Java object-oriented environment and the like. In general, however, all of the aforementioned terms as used herein are meant to encompass any series of logical steps performed in a sequence to accomplish a given purpose.

The present invention can be implemented with an apparatus to perform the operations described herein. This apparatus may be specially constructed for the required purposes, or it may comprise a general-purpose computer, selectively activated or reconfigured by a computer program stored in the computer. Such a computer program may be stored in a computer readable storage medium, such as, but not limited to, any type of disk including floppy disks, optical disks, CD-ROMs, and magnetic-optical disks, read-only memories (ROMs), random access memories (RAMs), EPROMs, EEPROMs, magnetic or optical cards, or any type of media suitable for storing electronic instructions, and each coupled to a computer system bus.

The algorithms and processes presented herein are not inherently related to any particular computer or other apparatus. Various general-purpose systems may be used with programs in accordance with the teachings herein, or it may prove convenient to construct more specialized apparatus to perform the required method. For example, any of the methods according to the present invention can be implemented in hard-wired circuitry, by programming a general-purpose processor or by any combination of hardware and software.

One of ordinary skill in the art will immediately appreciate that the invention can be practiced with computer system configurations of any type, including hand-held devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, DSP devices, network PCs, minicomputers, mainframe computers, personal computers, and the like. The invention can also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network.

We claim:
1. A method comprising, monitoring communications among network resources of a networked environment, wherein the network resources include a plurality of network devices and a plurality of applications; using information of the monitored communications to identify media access control addresses (MAC addresses) corresponding to the plurality of network devices, wherein a MAC address uniquely identifies a network device and represents an addressable location of the network device in the networked environment, wherein the plurality of network devices and the plurality of applications distribute the communications among the network resources using the MAC addresses, wherein the plurality of network devices comprise the network device; using information of the monitored communications to identify non-intermediated communication relationships among the MAC addresses, wherein a non-intermediated communication relationship comprises a first MAC address of the MAC addresses communicatively connected to at least two other MAC addresses of the MAC addresses.